<?php

// phpMyRealty 3
//
// File Name: alerts.php
// File Location : ./
//
// Copyright (c)2009 phpMyRealty.com
//
// e-mail: support@phpMyRealty.com

// Include configuration file and general functions
define('PMR', 'true');

include ( './config.php' );
include ( PATH . '/defaults.php' );

generateCaptcha();

$rand = mt_rand(1, 999);

// ----------------------------------------------------------------------
// LISTING ALERTS SECTION

// Title tag content
$title = $conf['website_name_short'] . ' - ' . $lang['Alert'];

$initAjax = TRUE;

if (isset($initAjax) && $initAjax)
 include ( PATH . '/includes/ajaxDropdowns.php');

// Template header
include ( PATH . '/templates/' . $cookie_template . '/header.php' );

// Submit Realtor

// If the Submit button was pressed we start this routine
if (isset($_POST['submit_alert'])
&& $_POST['submit_alert'] == $lang['Alert_Submit'])
 {

  $form = array();

  // safehtml() all the POST variables
  // to insert into the database or
  // print the form again if errors
  // found
  $form = array_map('safehtml', $_POST);

  echo table_header ( $lang['Information'] );

  // Initially we think that no errors were found
  $count_error = 0;

  if ( strtoupper($_POST['security']) != $_SESSION['random'] )
   { echo $lang['Field_Empty'] . ' - <span class="warning">' . $lang['Security_Code'] . ' </span><br />'; $count_error++;}

  if (empty($form['email']) || strlen($form['email']) < 4  || !valid_email($form['email']))
   { echo $lang['Field_Empty'] . ' - <span class="warning">' . $lang['Alert_email'] . '</span><br />'; $count_error++;}

  if ($form['email'] != $form['email2'])
   { echo $lang['Field_Empty'] . ' - <span class="warning">' . $lang['Alert_email'] . '</span><br />'; $count_error++;}

  if (
   (isset($form['location1']) && $form['location1'] == 'ANY') ||
   (isset($form['location2']) && $form['location2'] == 'ANY') ||
   (isset($form['location3']) && $form['location3'] == 'ANY')
  ) {
   echo $lang['Field_Empty'] . ' - <span class="warning">' . $lang['Location'] . '</span><br />'; $count_error++;
  }

  if (empty($form['zip']) && strcasecmp(@$conf['show_postal_code'], 'OFF') != 0)
   { echo $lang['Field_Empty'] . ' - <span class="warning">' . $lang['Alert_Zip'] . '</span><br />'; $count_error++;}

  // Check if email is banned
  $sql = 'SELECT * FROM ' . BANS_TABLE . ' WHERE name = "' . safehtml($form['email']) . '" LIMIT 1';
  $r = $db->query($sql) or error ('Critical Error', mysql_error () );

  if ($db->numrows($r) > 0 )
   { echo $lang['e_mail_Banned'] . '<br />'; $count_error++;}

  if ($count_error > '0')
   echo '<br /><span class="warning">' . $lang['Errors_Found'] . ': ' . $count_error . '</span><br />';

  // If no errors were found during the above checks we continue
  if ($count_error == '0')
   {

    if ( strtoupper($_POST['security']) == $_SESSION['random'] ) $session->varunset('random');

    // Get the user IP address
    $user_ip = $_SERVER['REMOTE_ADDR'];
    // If there is more than one IP
    // get the first one from the
    // comma separated list
    if ( strstr($user_ip, ', ') )
     {
      $ips = explode(', ', $user_ip);
      $user_ip = $ips[0];
     }

    $code = rand(1000000000,9999999999);

    if (!isset($form['location1'])) $form['location1'] = '0';
    if (!isset($form['location2'])) $form['location2'] = '0';
    if (!isset($form['location3'])) $form['location3'] = '0';

    // Create a mysql query
    $sql = 'INSERT INTO '. ALERTS_TABLE .
      ' (approved, email, name, type, zip, city, code) VALUES
	(0, "' . $form['email'] . '", "' . $form['name']. '",
	 "' . $form['type'] . '", "' . @$form['zip'] . '",
	 "' . $form['location1'] . '#' . $form['location2'] . '#' . $form['location3'] . '", "' . $code . '")';

    $db->query($sql) or error ('Critical Error', mysql_error ());

    $mail = new PHPMailer();

    if(PHPMAILER == '3') {
     $mail->IsSMTP(); // set mailer to use SMTP
     $mail->Host = $smtp['host'];  // specify main and backup server
     $mail->SMTPAuth = true;     // turn on SMTP authentication
     $mail->Username = $smtp['login'];  // SMTP username
     $mail->Password = $smtp['password']; // SMTP password
    }
    elseif(PHPMAILER == '2') {
     $mail->IsSendmail(); // set mailer to use SMTP
    }
    else {
    }

    $mail->From = $conf['general_e_mail'];
    $mail->FromName = $conf['general_e_mail_name'];
    $mail->AddAddress($form['email']);

    $lang['Alert_Notification_Subject'] = str_replace('{website}', $conf['website_name'], $lang['Alert_Notification_Subject']);
    $mail->Subject = $lang['Alert_Notification_Subject'];

    // Replacing the variable names
    $lang['Alert_Notification_Mail'] = str_replace('{name}', $form['name'], $lang['Alert_Notification_Mail']);
    $lang['Alert_Notification_Mail'] = str_replace('{email}', $form['email'], $lang['Alert_Notification_Mail']);
    $lang['Alert_Notification_Mail'] = str_replace('{link}', URL . '/alertscontrol.php?req=approve&code=' . $code, $lang['Alert_Notification_Mail']);
    $lang['Alert_Notification_Mail'] = str_replace('{website}', $conf['website_name'], $lang['Alert_Notification_Mail']);

    $mail->MsgHTML    = $lang['Alert_Notification_Mail'];
    $mail->AltBody = removehtml($lang['Alert_Notification_Mail']);

    $mail->Send();

    echo $lang['Alert_Added'];

   }

   echo table_footer ( );

 }

// If we open alerts.php for the first time
// or there were errors found in the form fields
// we output the form again with the old variables
// included
if (!isset($count_error) || $count_error > '0')

 {

  echo table_header ( $lang['Alert'] );

  // Define the form variables if the form is loaded for the first time
  if (!isset($form))
   {
    $form = array();
    $form['name'] = '';
    $form['email'] = '';
    $form['email2'] = '';
    $form['type'] = '';
    $form['zip'] = '';
    $form['location1'] = '';
    $form['location2'] = '';
    $form['location3'] = '';
   }

  echo $lang['Alert_Text'] . '<br /><br />';

  // Output the form
  echo '
   <form action="' . URL . '/alerts.php" method="POST" name="form">
    <table width="100%" cellpadding="5" cellspacing="0" border="0">
       ';

  echo userform ($lang['Alert_Name'], '<input type="text" size="45" name="name" value="' . $form['name'] . '" maxlength="255">');
  echo userform ($lang['Alert_email'], '<input type="text" size="45" name="email" value="' . $form['email'] . '" maxlength="50">', '1');
  echo userform ($lang['Alert_email2'], '<input type="text" size="45" name="email2" value="' . $form['email2'] . '" maxlength="50">', '1');

  echo userform ($lang['Alert_Type'], '<select name="type">' . generate_options_list(TYPES_TABLE, $form['type']) . '</select>', '1');

// ==

  $r_location1 = $db->query('SELECT selector, category FROM ' . LOCATION1_TABLE);

  $newContentMain = '<option value="ANY">' . $lang['Select'] . '</option>' . "\n";

  while ($f_location1 = $db->fetcharray($r_location1)) {
   $newContentMain.= '<option value="' . $f_location1['selector'] . '">' . $f_location1['category'] . '</option>' . "/n";
  }

  echo userform ($lang['Location'], '
          <select name="location1" class="span3" id="location1" onchange="xajax_fetchLocations2(this.value);">

' . $newContentMain . '

          </select>
          <div style="display: inline" id="location2div" name="location2div"></div>
          <div style="display: inline" id="location3div" name="location3div"></div>
', '1');

// ==

  if (strcasecmp(@$conf['show_postal_code'], 'OFF') != 0) {
      echo userform ($lang['Alert_Zip'], '<input type="text" size="45" name="zip" value="' . $form['zip'] . '" maxlength="20">', '1');
  }
  echo userform ($lang['Security_Code'], '<img src="' . URL . '/security.php?' . $rand . '" border="0" alt=""><input type="text" size="25" name="security" value="" maxlength="255">' , '1');

  // Submit button
  echo userform ('', '<input type="Submit" class="submit" name="submit_alert" value="' . $lang['Alert_Submit'] . '">');

  echo '
    </table>
   </form>
       ';

  echo table_footer ();

 }

// Template footer
include ( PATH . '/templates/' . $cookie_template . '/footer.php' );

?>